We recommend setting the following php.ini variables as general security settings on all servers. These are not specific to any mechbunny software, but rather general security guidelines.
disable_functions = eval,exec,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,phpinfo
display_errors = off
expose_php = off
In httpd.conf (on apache):
- TraceEnable Off
- Install and enabled mod_security